CVE-2015-8156

3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 68.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Endpoint Encryption
Timeline
PublishedMay 14
Latest updateMay 17

Description

Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDsymantec/endpoint_encryption11.0, 11.0.0, 11.0.1+2

🔴Vulnerability Details

2
GHSA
GHSA-mjpp-qx3w-m6ww: Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 112022-05-17
CVEList
CVE-2015-8156: Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 112016-05-14
CVE-2015-8156 (HIGH CVSS 7.8) | Unquoted Windows search path vulner | cvebase.io